Metrics
Affected Vendors & Products
Solution
Update Mattermost to versions 10.5.0, 10.4.2, 9.11.8, 10.3.3, 10.2.3 or higher. Alternatively, update the Mattermost Boards plugin to v9.0.5 or higher.
Workaround
No workaround given by the vendor.
Link | Providers |
---|---|
https://mattermost.com/security-updates |
![]() ![]() |
Thu, 02 Oct 2025 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Mattermost
Mattermost mattermost Server |
|
CPEs | cpe:2.3:a:mattermost:mattermost_server:*:*:*:*:*:*:*:* | |
Vendors & Products |
Mattermost
Mattermost mattermost Server |
Mon, 24 Feb 2025 12:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Mon, 24 Feb 2025 07:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Mattermost versions 10.4.x <= 10.4.1, 9.11.x <= 9.11.7, 10.3.x <= 10.3.2, 10.2.x <= 10.2.2 fail to properly validate board blocks when importing boards which allows an attacker could read any arbitrary file on the system via importing and exporting a specially crafted import archive in Boards. | |
Title | Arbitrary file read in Mattermost Boards via import & export board archive | |
Weaknesses | CWE-22 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Mattermost
Published:
Updated: 2025-02-24T11:22:50.849Z
Reserved: 2025-02-18T11:11:14.677Z
Link: CVE-2025-25279

Updated: 2025-02-24T11:22:47.426Z

Status : Analyzed
Published: 2025-02-24T08:15:10.607
Modified: 2025-10-02T18:19:20.400
Link: CVE-2025-25279

No data.

No data.